name: Security audit
on:
push:
paths:
- "**/Cargo.lock"
- "**/Cargo.toml"
- "**/deny.toml"
pull_request:
types: [ opened, reopened, synchronize ]
branches:
- main
jobs:
audit-check:
name: Audit check
runs-on: ubuntu-latest
permissions:
issues: write
checks: write
steps:
- uses: actions/checkout@v5
- uses: rustsec/audit-check@v2.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
cargo-deny:
name: Cargo deny
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- uses: EmbarkStudios/cargo-deny-action@v2
with:
rust-version: "1.89.0"
log-level: warn
command: check
arguments: --all-features
audit-success:
name: Audit success
runs-on: ubuntu-latest
needs: [audit-check, cargo-deny]
steps:
- run: echo "All audit jobs successfully finished."